Data-processing arrangement comprising confidential data

ABSTRACT

A data-processing arrangement (3) comprises a data-handling circuit (4) and a supply-current circuit (8) whose dynamic behavior is inherently chaotic in the sense of Lyapunov. The data-processing arrangement is arranged so that a power supply current (i₀) consumed by the data-handling circuit flows through the supply-current circuit.

FIELD OF THE INVENTION

The present invention relates to a data-processing arrangement comprising confidential data. Such a data-processing arrangement may be, for example, a smart card or a micro-controller to be incorporated within a smart card.

Smart cards are standardized items generally used in applications in which secure storage and processing of confidential data is essential. They are more specifically intended for applications in the field of health, of pay per view TV applications, and also banking applications, for example, such as the electronic purse.

BACKGROUND OF THE INVENTION

Defrauders have developed so-called current-based attacks in order to obtain information about confidential data handled by smart card micro-controllers. These are, for example, keys for executing encryption algorithms implemented within the micro-controllers, such as algorithms known as the DES (Data Encryption Standard) or RSA (Rivest Shamir Adleman) algorithms or portions of the code executed by said micro-controllers.

These attacks are based upon the following principle. The current i(t) used by the micro-controller which, over a time interval T, executes an instruction INS is a function of operands OPE handled by said instruction INS.

In order to carry out current-based attacks, defrauders may in particular connect a resistor R having a small resistance, for instance of 1 Ω, in series between a power-supply source and a power-supply terminal of the smart card. They then display a signal which represents variations in the current i(t) used by the micro-controller as a function of time. This signal is obtained in response to the micro-controller executing several hundreds or even several thousands of instructions applied to identical operands, be they similar or different. The instructions derive from APDU (Application Data Unit) commands, which are described in the ISO 7816 standard. The APDU commands are transmitted to the micro-controller by means of a computer equipped with a reader. This computer is also connected, for example, to a digital oscilloscope which samples variations in the current i(t) used by the micro-controller and digitizes the obtained results for subsequent analysis. Accordingly, it is possible to retrieve secret information contained in a smart card.

Micro-controller manufacturers and smart card manufacturers have developed methods for securing these devices against current-based attacks. A known method consists in adding some form of random noise to the current consumed by the micro-controller. However, this countermeasure is not sufficiently immune to statistical attacks such as DPA (Differential Power Analysis) or IPA (Inferential Power Analysis).
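Why additive random noise falls short under statistical analysis, shown as an added example that is not part of the original text: a leakage check of the kind a card evaluator would run, here on constructed data. The 0.2 mA operand-dependent difference, the 2 mA noise level and all function names are assumptions; 4.5 is the threshold conventionally used in leakage assessment.

```python
import math
import random

T_THRESHOLD = 4.5  # threshold conventionally used in leakage assessment


def measure(mean_ma, noise_sigma_ma, runs, rng):
    """Constructed measurements: one current sample (mA) per execution,
    taken at the same instant of the instruction, with the countermeasure's
    additive random noise on top of the operand-dependent mean."""
    return [rng.gauss(mean_ma, noise_sigma_ma) for _ in range(runs)]


def mean_and_variance(samples):
    n = len(samples)
    mean = sum(samples) / n
    var = sum((s - mean) ** 2 for s in samples) / (n - 1)
    return mean, var


def welch_t(group_a, group_b):
    """Welch's t statistic for the difference of the two group means."""
    mean_a, var_a = mean_and_variance(group_a)
    mean_b, var_b = mean_and_variance(group_b)
    return (mean_a - mean_b) / math.sqrt(var_a / len(group_a) + var_b / len(group_b))


def leakage_t(runs_per_operand, delta_ma=0.2, noise_sigma_ma=2.0, seed=1):
    """t statistic between two operand values whose mean currents differ by
    delta_ma, each buried under Gaussian noise ten times larger (assumed values)."""
    rng = random.Random(seed)
    operand_a = measure(15.0, noise_sigma_ma, runs_per_operand, rng)
    operand_b = measure(15.0 + delta_ma, noise_sigma_ma, runs_per_operand, rng)
    return welch_t(operand_b, operand_a)


if __name__ == "__main__":
    # The noise averages out as 1/sqrt(runs); the operand-dependent mean does not.
    for runs in (50, 2000, 40000):
        t = leakage_t(runs)
        verdict = "leak detectable" if abs(t) > T_THRESHOLD else "hidden by noise"
        print(f"{runs:6d} runs per operand: t = {t:6.2f}  ({verdict})")
```

A countermeasure that only adds independent noise raises the number of executions needed before the statistic crosses the threshold; it does not remove the dependence on the operands.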

SUMMARY OF THE INVENTION

It is an object of the invention to provide enhanced security against so-called current-based attacks.

To that end, the invention provides a data-processing arrangement as defined in claim 1.

Other features and advantages of the invention will become apparent in the following description of the invention described by way of non-limiting examples in reference to the appended figures.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 shows a smart card according to the invention, with a card reader;

FIG. 2 shows a cryptosystem or a subsystem of this cryptosystem according to the invention;

FIGS. 3, 4 and 5 illustrate different coupling variants between simple chaotic subsystems;

FIGS. 6, 7 and 8 show different means for enhancing the chaotic properties of a cryptosystem according to the invention; and

FIG. 9 is a schematic drawing of a system for generating a random signal.

DETAILED DESCRIPTION

An exemplary implementation of the invention is shown in FIG. 1.

In this figure, reference numeral 1 designates a micro-controller card. Such a card 1 includes a card body 2 and a micro-controller 3. This micro-controller 3 is incorporated within card body 2. It comprises five contact terminals, namely the VCC, RST, CLK, I/O and GND terminals. Terminal VCC is a power supply terminal for supplying power to the micro-controller, terminal RST is a reset terminal for transmitting a reset signal to the micro-controller, terminal CLK is a clock terminal for transmitting a clock signal to the micro-controller, terminal I/O is an input/output terminal for allowing logical data exchanges to take place between the micro-controller and the outside world, and terminal GND is a grounding terminal for grounding the micro-controller. These terminals are electrically connected, via electrical connection means, to an antenna embedded within card body 2 and/or to contact pads flush with the surface of said body 2.

Micro-controller 3 comprises a data-managing operative portion 4 and an interface portion which is not operatively involved with data management.

Operative portion 4, or the operative micro-controller, advantageously comprises all, but also sometimes a portion, of the sub-units, of which CMOS (Complementary Metal-Oxide Semiconductor) inverters are for managing confidential data. Therefore, it forms a part of the micro-controller able to deliver information pertaining to confidential data managed thereby. In practice, this operative portion may comprise the central processing unit, CPU, possibly an encryption processor associated with this unit, data and address bus control circuits, as well as RAM (Random Access Memory), ROM (Read-Only Memory) and EEPROM (Electronically Erasable Programmable Read-Only Memory) memories or any other kind of memory. It can also comprise portions which are not operatively involved in data management.

The interface portion comprises means which use a portion of the power that is not capable of revealing information about data processed by the micro-controller. It may comprise, for example, a charge pump, or interface circuits associated with the RST, CLK and I/O terminals. As far as the RST terminal is concerned, in particular, these means can be means for detecting the initialization signal of the micro-controller and of associated means. Regarding the CLK terminal, they can be, in particular, means for detecting frequencies ranging from a lower limit to an upper limit. Finally, regarding the I/O terminal, they are means for enabling the micro-controller to communicate by switching from an input to an output mode.

According to the invention, micro-controller 3 comprises a cryptosystem 8. This cryptosystem 8 is incorporated within micro-controller 3, by being interposed between the reader 6 of card 2 and its operative portion 6. A power supply voltage V₀ which, in practice, is constant, is input to micro-controller 3 and a power supply voltage V_CC is input to the operative portion of micro-controller 3. The current used by micro-controller 3, measured at its output, is designated i(t) and the current used by its operative portion 4 is designated i₀(t).

The cryptosystem 8 according to the invention encrypts variations in the current i₀(t) used by the operative portion 4 of micro-controller 3.

Advantageously, cryptosystem 8 encrypts these variations through chaotic modulation. This cryptosystem 8 is therefore chaotic and forced by the current i₀(t) used by the operative portion 4 of micro-controller 3.

The book by M. J. Ogorzalec, entitled “Chaos and Complexity in Nonlinear Electronic Circuits”, published in the World Scientific Series on Nonlinear Science, publisher Leon O. Chua, 1997, ISBN 981-02-2873-2, gives a general description of chaotic systems as well as the principle of chaotic modulation. In particular, such systems are unstable in the sense of Lyapunov, in that they show the so-called property of being sensitive to initial conditions. Thus, any error on initial conditions or, more generally, any system perturbation, is exponentially amplified with time so that, after a certain time duration, known as the Lyapunov time, it is no longer possible to predict the system's state. Thus, regarding the problem to be solved by this invention, chaotic systems show particularly interesting properties: not only do they act as noise amplifiers but also, if the micro-controller executes the same series of instructions several times, which instructions correspond to the same current i₀(t) used by its operative portion, the measured signals i₀(t) are each time completely different from one another, so that statistical attacks can be counteracted.

In other words, when cryptosystem 8 is chaotic in the sense of Lyapunov, the information contained in the used current i₀(t), be it amplitude information or frequency information, disappears from the output signal i(t). However, since the system is deterministic, this means that this information cannot be found from output signal i(t). This only means that this information is concealed.

An exemplary particularly simple time-continuous forced chaotic cryptosystem is shown in FIG. 2. This cryptosystem, or else any of its subsystems, comprises an RLC (a resonant circuit consisting of a resistor (R), an inductor (L), and a capacitor (C)) oscillator with voltage control switching. In such a system, a switch K is voltage controlled. If supply voltage V_CC is larger than a threshold voltage V_th, then K is ON. Otherwise, K is OFF.

When K is ON, the system is generally described by a state equation of the following kind:

$\frac{dZ}{dt}(t) = A\,Z(t) + B\,i_{0}(t) \qquad (1)$

and by an output equation of the following kind:

$i(t) = {}^{t}C\,Z(t) \qquad (2)$

where

$A = \begin{pmatrix} 0 & 1 \\ -\frac{1}{LC} & -\frac{R}{L} \end{pmatrix}, \quad B = \begin{pmatrix} 0 \\ \frac{1}{LC} \end{pmatrix} \quad \text{and} \quad C = \begin{pmatrix} 1 \\ 0 \end{pmatrix}$

When K is OFF, then i(t)=i₀(t).

For an input current of the form i₀(t) = A_m + A₀ cos ω₀t, with A_m = 15 mA, A₀ = 10 mA, ω₀ = 2π×3.57 Mrad×s⁻¹, R = 0 Ω, L = 1 μH, C = 5 nF and V_th = 4.9 V, i(t) is chaotic with 4.5 V < V_CC < 5.5 V, V_CC thus remaining within the usual voltage range of the operative micro-controller portion of a smart card.

In another example, the cryptosystem, or else, any of its subsystems, is composed of Chua's circuits. Such circuits are more particularly described in L. O. Chua et al., “Canonical Realization of Chua's circuits family”, 1990, IEEE Transactions on Circuits and Systems, Vol. 37(7), p. 885-902.

The geometrical dimension of cryptosystem 8 is greater than or equal to two. It is preferably of a large dimension, specifically, greater than four or five, so that the cryptosystem is as chaotic as possible, and in particular, hyperchaotic. Such high-dimensional cryptosystems can be obtained from a plurality of simple chaotic subsystems with a geometrical dimension of two or three.

These simple chaotic subsystems, shown by reference numerals 10-1, 10-2, ... or 10-n in FIG. 2, 12-1 or 12-2 in FIG. 3, or else, 14-1, 14-2, ... or 14-16 in FIG. 4, can be coupled according to different variations.

According to a first variation shown in FIG. 3, a cryptosystem 8 is obtained from a plurality of n simple chaotic subsystems 10-1, 10-2, ..., 10-n which are unidirectionally cascade-coupled. Output i_i(t) of a system 10-i is applied to the input of subsystem 10-i+1, thus forcing said subsystem 10-i+1, while subsystem 10-1 is forced by the current used by the micro-controller's operative portion. Then, the geometrical dimension of cryptosystem 8 is equal to the sum of the geometrical dimensions of each of the subsystems.

According to a second variation illustrated in FIG. 4, a high-dimensional cryptosystem 8 is obtained from two bidirectionally coupled subsystems 12-1 and 12-2. Such a bidirectional coupling of simple chaotic subsystems, allowing a six-dimensional hyperchaotic system to be obtained, is described in “Synchronization of Hyperchaotic Circuits via Continuous Feedback Control With Application to Secure Communications”, International Journal of Bifurcation and Chaos, Vol. 8, No 10 (1998), p. 2031-2040, M. Brucoli et al.

According to a third variation shown in FIG. 5, a high-dimensional cryptosystem 8 is obtained from n identical subsystems 14-1, ..., 14-n networked together so that each subsystem is coupled, in a unidirectional or bidirectional way, to m other subsystems, where m is a number at least equal to three and which is set to four in the example of FIG. 5. It should be noted that an arrangement of network-mounted simple chaotic subsystems is described in Caponetto et al., “Programmable Chaos Generator, based on Cellular Neural Network, with applications in Chaotic Communications”, 1998, Fifth IEEE International Workshop on Cellular Neural Networks and their Applications, London, 14-17 April 1998, as well as in J. A. Suykens et al., “n-Double Scroll Hypercubes in 1-D CNNs”, published in the International Journal of Bifurcation and Chaos, Vol. 7, N° 8 (1997), p. 1873-1885.

Moreover, the cryptosystem according to the invention may include different means for increasing its chaotic properties. Such properties can also be quantified in different ways and connected to the residual information amount contained in signal i(t).

A first means is described in an article by Kipchatov et al., “Creation of High-dimensional Oscillations from Low-dimensional Systems”, in Proceedings of the International Conference on Dynamical Systems and Chaos, Singapore, World Scientific, Vol. 2, p. 359-362, 1995. It is based upon the following principle: the autocorrelation function of the used current i(t) shows minima for given time shifts; if T_m is the time shift for one of those minima, then signal

$i'(t) = \frac{i(t) + i(t - T_m)}{2}$

is dynamically much more complex than i(t). It is therefore desired to obtain a cryptosystem 8 that implements function i'(t). In practice, and as illustrated in FIG. 6, a circuit is made for that purpose, and comprises a delay line 16, a current divider 18 and a current adder 19.
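The delay-and-average step of the first means, as an added example that is not code from the patent or the cited article: it estimates the autocorrelation of a sampled trace, takes T_m at its deepest minimum, forms i'(t), and compares the resulting signal power with the identity Var(i') = Var(i)·(1 + ρ(T_m))/2. The trace is constructed (15 mA offset and 10 mA tone as in the sinusoidal example above, sampled at an assumed 20 samples per period, plus seeded noise), and all function names are assumptions.

```python
import math
import random

SAMPLES_PER_PERIOD = 20  # assumption: 71.4 MS/s sampling of a 3.57 MHz tone


def constructed_trace(n=4000, seed=7):
    """Constructed stand-in for i(t), in mA: 15 mA offset, 10 mA tone,
    plus seeded Gaussian noise (0.5 mA) as a broadband component."""
    rng = random.Random(seed)
    return [15.0
            + 10.0 * math.cos(2 * math.pi * k / SAMPLES_PER_PERIOD)
            + rng.gauss(0.0, 0.5)
            for k in range(n)]


def variance(values):
    mean = sum(values) / len(values)
    return sum((v - mean) ** 2 for v in values) / len(values)


def autocorrelation(trace, max_lag):
    """Normalised autocorrelation rho[0..max_lag] of the mean-removed trace.
    The fixed denominator (biased estimator) keeps |rho| <= 1."""
    n = len(trace)
    mean = sum(trace) / n
    x = [v - mean for v in trace]
    energy = sum(v * v for v in x)
    return [sum(x[t] * x[t - lag] for t in range(lag, n)) / energy
            for lag in range(max_lag + 1)]


def find_t_m(trace, max_lag):
    """Return (lag, rho) at the deepest autocorrelation minimum in 1..max_lag."""
    rho = autocorrelation(trace, max_lag)
    lag = min(range(1, max_lag + 1), key=lambda k: rho[k])
    return lag, rho[lag]


def delay_average(trace, lag):
    """i'(t) = (i(t) + i(t - T_m)) / 2, for the samples where both exist."""
    return [(trace[t] + trace[t - lag]) / 2 for t in range(lag, len(trace))]


def demo():
    trace = constructed_trace()
    lag, rho = find_t_m(trace, max_lag=2 * SAMPLES_PER_PERIOD)
    mixed = delay_average(trace, lag)
    return {
        "t_m_samples": lag,                  # half a tone period
        "rho_at_t_m": rho,
        "power_ratio": variance(mixed) / variance(trace),
        "predicted_ratio": (1 + rho) / 2,    # Var(i') = Var(i) * (1 + rho) / 2
        "mean_ma": sum(mixed) / len(mixed),  # the DC level passes unchanged
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16s} {value:.4f}")
```

At an autocorrelation minimum the delayed copy is anticorrelated with the signal, so the sum keeps the mean and the broadband part while the dominant periodic line is suppressed. The example checks signal power only, not dynamical complexity.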

A second means for obtaining highly chaotic systems uses a system having derivatives of non integer orders. This method is described in an article by P. Arena et al., “Bifurcation and Chaos in Noninteger Order Cellular Neural Network”. Systems implementing this second method are intrinsically more chaotic than more conventional systems with integer order derivatives. This will then be referred to as γ-chaos.

A third means for making a cryptosystem 28 or a subsystem of such a cryptosystem more unstable and therefore more chaotic is such that it includes, across the terminals of this cryptosystem 28, a positive feedback element 26 intended to be a part of a feedback loop which, in this cryptosystem, will be a positive feedback loop. This third means is shown in FIG. 7.

Finally, according to a fourth means, a chaotic signal i_i(t) can be applied to a low-pass filter 20 such as the one shown in FIG. 8. Then, the obtained signal i₂(t) will become more chaotic with lower filtering. Such a system has the following two advantages. On the one hand, it is a simple means of obtaining highly chaotic signals. On the other hand, someone attempting to perform an attack on the system, who would try to low-pass filter signals because of the noise they appear to contain, would himself or herself contribute in making this signal even more chaotic. This phenomenon is known as superfractalization. It is described, in particular, in an article by V. Krasichkov, “Filtering of Chaotic Oscillations: Effect of Transfer Function”, published in the Proceedings of the Fifth Conference of Non-linear Dynamical Systems, Moscow, 1997, pages 464-468.

Cryptosystem 8 according to the invention has the further advantage of being stochastic. Thus, it not only comprises means for chaotic modulation encryption of variations in the current i₀(t) used by the operative portion of micro-controller 4, but it also changes in time in a random manner.

According to a first embodiment, cryptosystem 8 comprises means for making at least one of the parameters which determine its underlying equations stochastic.

In practice, these parameters are made stochastic by causing the physical characteristic values of one or more electronic components that compose the cryptosystem to become more stochastic. The range in which the stochastic parameters vary is chosen so that, within said range, the cryptosystem will always be chaotic.

In addition, various criteria are advantageously applied so as to choose the parameter(s) from those which determine equations that govern the cryptosystem 8 according to the present invention.

A first criterion for selecting the parameter to be made stochastic consists in adapting the one for which, within the allowable variation range, the dynamical cryptosystem undergoes the largest number of bifurcations. Thus, within this range, when the parameter varies, a plurality of cryptosystems with totally different properties are obtained.

A second criterion for selecting the parameter is to take the parameter(s) which define(s) the, or one, non-linearity in the cryptosystem.

A third criterion for choosing the parameter is to choose the one which shows or can show the fastest variations in time within its variation interval, which variations can be induced.

In the exemplary system shown in FIG. 2, the parameters that can be made stochastic are R, L, C and V_th, where V_th defines the cryptosystem's non-linearity.

In order to make a parameter stochastic, one may use, in particular, an analog noise source. For example, this noise is a thermal noise measured across an open-circuit resistor in the micro-controller or a semiconductor junction noise across a diode.

However, use can also be made of a device of the kind shown in FIG. 9, which is composed of a random number generator 22 and a digital-to-analog converter 24. This generator 22 can also be applied to any parameter of a device described in connection with one of FIGS. 2 to 8. Preferably, in an application dedicated to smart cards, one can use the random number generator included in the operative portion 4 of micro-controller 3.

In another embodiment of the present invention, the equations underlying cryptosystem 8 according to the invention are themselves made stochastic.

For this purpose, it is possible to permanently modify the topology of circuits 8, for example by means of switches. Such a technique has already been described in a document by A. A. Alexeyev et al., entitled “Secure Communications Based on Variable Topology of Chaotic Circuits”, published in the International Journal of Bifurcation and Chaos, Vol. 7, N° 12, p. 2862-2869, 1997. However, the application according to this article mainly relates to encryption and information is concealed at the output of the circuit, but does not disappear as in the present invention.

Finally, according to the present invention, the information originally present within the output admittance signal i₀(t) of the operative portion 4 of said micro-controller 3 can be made to disappear from the output current i(t) used by micro-controller 3. Due to the combination of the applied chaotic and stochastic processings, which cannot be separated because of non-linearity, signal i₀(t) can no longer be retrieved from an output signal i(t), as the amount of mutual information between signals i₀(t) and i(t) can be highly reduced.

The description hereinbefore illustrates the following basic features. A data-processing arrangement (3) comprises a data-handling circuit (4) and a supply-current circuit (8) whose dynamic behavior is inherently chaotic. The data-processing arrangement is arranged so that a power supply current (i₀) consumed by the data-handling circuit flows through the supply-current circuit.

The various embodiments, variations, or examples presented here demonstrate that it is possible to implement a very efficient countermeasure by means of a simple low-cost electronic device. Moreover, with this countermeasure, the logical part of the smart card can be preserved.

Thus, it is no longer possible to access data managed by the operative portion of the micro-controller based on the measured variations in the current i(t) used by the micro-controller without previously having to decrypt said variations.

Preferably, the cryptosystem comprises means for encrypting the current used by the data managing operative portion of the micro-controller through a chaotic modulation. Advantageously, the cryptosystem is a time continuous non linear chaotic system forced by current i₀(t) of geometric dimension, that is having a dimension in the phase space, which is greater than or equal to two.

In the previous section, as well as in the following description, the terms “chaos” and “chaotic” are assumed to mean “chaos in the sense of Lyapunov” and “chaotic in the sense of Lyapunov”, respectively.

By virtue of the properties of chaotic dynamic systems, the information contained in the variations of the current i₀(t) used by the operative portion of the micro-controller disappears from the measured signal, be it amplitude information or frequency information, since the used current i₀(t) is entirely transformed by the cryptosystem. Therefore, it is no longer possible, or at least it becomes difficult, to retrieve this information. More specifically, to decrypt the observed signal and solve the original problem, the defrauder should first identify the chaotic system used by determining its underlying equations as well as the parameters defining said equations, and then reconstruct the variations in the current used by the operative portion of the micro-controller from the variations in the measured current used by the micro-controller, by artificially inverting the cryptosystem. But, due to the intrinsic noise of electric systems, errors on the rated values of electronic components, which are due to manufacturing defects, and measurement limitations, if the cryptosystem is sufficiently chaotic, not only can its identification become problematic, but the decryption process itself, namely the reconstruction of the cryptosystem state at each time point, can be impossible in practice. In this respect, it should be noted that those skilled in the art of dynamic encryption usually try to implement cryptosystems as chaotic as possible in order to obtain a maximum security level, but it is then quite often impossible to decrypt the signals without introducing, for example, feedback loops between the transmitter and the receiver.

On the other hand, cryptosystems according to the present invention advantageously require as little energy as possible. Therefore, the cryptosystem is more chaotic and the encryption of the input signal is still improved.

The chaotic cryptosystem according to the invention may comprise one or a plurality of simple, possibly identical, forced chaotic subsystems, namely ones having a geometric dimension equal to two or three. One of those subsystems is forced by the current used by the micro-controller's operative portion.

According to a first modification, these simple chaotic subsystems are cascade-mounted and coupled unidirectionally.

According to a second modification, at least two simple chaotic subsystems are coupled bidirectionally.

According to a third modification, these subsystems are networked together. In this case, each subsystem is coupled, on average, to a plurality of other subsystems, at least three of them.

For the decryption of the current i(t) used by the micro-controller to be impossible in any case, the cryptosystem according to the invention is also preferably “stochastic”. In other words, it randomly changes with time.

In the following description, the term “stochastic” encompasses the meanings of the terms “stochastic” and “pseudo-stochastic” and the term “random” encompasses the meanings of the terms “random” and “pseudo-random”.

In one embodiment of a stochastic cryptosystem, the cryptosystem comprises means for making at least one of the parameters governing its underlying equations stochastic. In practice, these parameters are made stochastic by making the values of the physical characteristic of the electronic components constituting the cryptosystem stochastic. In order to do so, the cryptosystem for instance includes a random number generator or a noise generator.

Thus, even if the construction of the cryptosystem is perfectly known by those attempting to reconstruct the information contained within the admittance of the micro-controller's operative portion from measured used current signals, the decryption process is no longer possible. Accordingly, even if the equations and the nominal parameters of the cryptosystem are known by defrauders with any given accuracy, for example by collusion or reverse engineering, the state of said cryptosystem, which changes stochastically, cannot be reconstructed at any given time. For this to be done, it would have been required to know the value of the current used by the micro-controller's operative portion at any given time, but this is the very unknown to be found. In other words, from an encryption point of view, the cryptosystem encrypts not only the current used by the operative portion of the micro-controller through chaotic modulation, but also the stochastic processes governing the parameter values through the parameter modulation method. Therefore, it is impossible to separate, within the measured signals, the contribution of the current used by the micro-controller's operative portion from the stochastic processes. In addition, the contribution of stochastic processes, which is a function of their sensitivity to the parameters, is generally much larger than that of the current used by the micro-controller's operative portion, which is a function of initial conditions.

The micro-controller according to the present invention therefore now resists so-called white-box attacks since the number of unknowns is strictly greater than the number of equations relating them to each other.

Such a cryptosystem thus protects irremediably the information contained within the confidential data handled by the secure operative portion of the micro-controller.

In another embodiment according to the invention, the equations which determine the cryptosystem are themselves made stochastic. In such a case, the topology of the electronic circuit implementing the cryptosystem is made stochastic, for example, by means of switches.

1. A data-processing device comprising: power supply connections; a data-handling circuit; a supply-current circuit connected to the data-handling circuit and the power supply connections, the supply-current circuit being operable to have a dynamic behavior inherently chaotic in the sense of Lyapunov so that a power supply current consumed by the data-handling circuit produces a chaotic power consumption at the power supply connectors.
2. A data-processing device according to claim 1, wherein the supply-current circuit comprises a plurality of sub-circuits, two or more of whose dynamic behavior is inherently chaotic in the sense of Lyapunov.
3. A data-processing device according to claim 2, wherein the sub-circuits are cascade coupled.
4. A data-processing device according to claim 2, wherein the sub-circuits are coupled so that they constitute a multi-dimensional network.
5. A data-processing device according to claim 2, wherein a sub-circuit belongs to Chua's circuit family.
6. A data-processing device according to claim 2, wherein a sub-circuit comprises an RLC (Resistor-Inductor-Capacitor) oscillator with voltage-controlled switching.
7. A data-processing device according to claim 1, wherein one or more of the components of the supply-current circuit are made stochastic.
8. A data-processing device comprising a data-handling circuit and a power-supply circuit, the power-supply circuit further comprising a supply-current circuit whose dynamic behavior is inherently chaotic in the sense of Lyapunov, wherein the power supply current to the data-handling circuit flows through the supply-current circuit so that the power supply current becomes chaotic in the sense of Lyapunov.
9. A data-processing device according to claim 8, wherein the supply-current circuit comprises a plurality of sub-circuits, two or more of whose dynamic behavior is inherently chaotic in the sense of Lyapunov.
10. A data-processing device according to claim 9, wherein the sub-circuits are cascade coupled.
11. A data-processing device according to claim 9, wherein the sub-circuits are coupled so that they constitute a multi-dimensional network.
12. A data-processing device according to claim 9, wherein a sub-circuit belongs to Chua's circuit family.
13. A data-processing device according to claim 9, wherein a sub-circuit comprises an RLC (Resistor-Inductor-Capacitor) oscillator with voltage-controlled switching.
14. A data-processing device according to claim 8, wherein one or more of the components of the supply-current circuit are made stochastic.